Sorry I don't entirely get it. If I log in to Mastodon through Tor, the server I'm logging into is still able to see my IP?
@Raindogdance no, but since it isn't a native hidden service you are vulnerable to man in the middle attacks by the exit node you use
it's definitely possible to allow users to connect to the mastodon site through an onion service, for example i have x0f.org available at https://bvrgrzu5awjacohape5s6s3j2locltcu5c7azzzuufqznknus5ll5fid.onion
@waxwing @mattodell @nvk
right i wouldn't hold my breath for mastodon supporting E2E encryption; i'm not sure it's even good if every software develops its own E2E encrypted private communication because spreads out cryptography review so much
it's a publication protocol mainly
FWIW x0f also runs a matrix server, a chat protocol that supports E2E (even for group chats), if you're on this server and interested in an account let me know
@orionwl @waxwing @mattodell @nvk I wouldn't be surprised if the Mastodon devs actually think E2E encryption on chats would be a negative. Mastodon is designed around a community model, with moderation, in a context of being worried about abuse and toxic behavior. If that's your design goal, is E2E encryption on DM's actually a feature you want? _I_ would say yes. But I can imagine those devs saying no.
If you think your *instance* (not Mastodon) admin's goal is to rob you, maybe you're on the wrong instance?
If your thread model is as 'paranoid' as you seem to indicate, Mastodon has a solution for that (too): run your own instance.
I assume that you've also informed all your followers on birdsite that the minimum wage earning employees of Twitter have access to a wealth of personal info. But in this case, there is no remedy.
(also, don't trust VPN providers)
VPN are often presented as some magical privacy and security solution, which they are not. If you're aware of the risks and tradeoffs, you surely can use them.
When all (your) Tor exit nodes are compromised, then the most likely scenario is that the NSA is after you. If you're not Elliot Alderson, that *very* likely means game over.
Bitcoin Maston Instance